authorAdam Ierymenko <adam.ierymenko@gmail.com>2017-02-23 11:47:36 -0800
committerAdam Ierymenko <adam.ierymenko@gmail.com>2017-02-23 11:47:36 -0800
commit10185e92faa77a4b032a27a7c01b4186727b91b9 (patch)
tree5ce223c4cbeda31551d80ee3f42445924902f2ad /node/IncomingPacket.cpp
parent33b94e8478e99d1e185041fa522b01de25fe53d4 (diff)
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
Diffstat (limited to 'node/IncomingPacket.cpp')
-rw-r--r--node/IncomingPacket.cpp19
1 files changed, 19 insertions, 0 deletions
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index b077f7e2..b5b2bcb3 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -832,6 +832,7 @@ bool IncomingPacket::_doNETWORK_CREDENTIALS(const RuntimeEnvironment *RR,const S
Capability cap;
Tag tag;
Revocation revocation;
+ CertificateOfOwnership coo;
bool trustEstablished = false;
unsigned int p = ZT_PACKET_IDX_PAYLOAD;
@@ -909,6 +910,24 @@ bool IncomingPacket::_doNETWORK_CREDENTIALS(const RuntimeEnvironment *RR,const S
}
}
}
+
+ const unsigned int numCoos = at<uint16_t>(p); p += 2;
+ for(unsigned int i=0;i<numCoos;++i) {
+ p += coo.deserialize(*this,p);
+ const SharedPtr<Network> network(RR->node->network(coo.networkId()));
+ if (network) {
+ switch(network->addCredential(coo)) {
+ case Membership::ADD_REJECTED:
+ break;
+ case Membership::ADD_ACCEPTED_NEW:
+ case Membership::ADD_ACCEPTED_REDUNDANT:
+ trustEstablished = true;
+ break;
+ case Membership::ADD_DEFERRED_FOR_WHOIS:
+ return false;
+ }
+ }
+ }
}
peer->received(_path,hops(),packetId(),Packet::VERB_NETWORK_CREDENTIALS,0,Packet::VERB_NOP,trustEstablished);
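Review bot: The new certificate-of-ownership section reads its count with `at<uint16_t>(p)` without first checking that any bytes remain after the revocations, so a NETWORK_CREDENTIALS packet from a peer built before this commit, which would presumably end at that point, is read past its end. The outcome then depends on how `at<>` handles an out-of-range index; if it throws, the credentials already applied earlier in the function are kept while `peer->received(...)` is presumably skipped. Guarding the section with `if ((p + 2) <= size()) {` around the count and the loop would make the trailing section optional for older senders. Both `numCoos` and the length returned by `coo.deserialize(*this,p)` come from the remote peer, so a one-line comment such as `// bounds are enforced by at<>() and deserialize(); numCoos is untrusted` would document what the loop relies on. The enclosing function and the block closed by the final `}` start outside this hunk, so an existing size check there may already cover part of this.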